Call it bizarre but the recently finalised Brexit deal includes a now-defunct email software called Netscape Communicator and outdated encryption standards for containing DNA profile information between the concerned countries.
Security researchers have stumbled upon these details in the 1,256-page Brexit deal, which mentions 23-year old Netscape Communicator email software.
Netscape Communicator is simply mentioned as an example of a “modern e-mail software package” that supports s/MIME (alongside Outlook and Mozilla Mail), The Verge reported on Tuesday.
However, the use of outdated encryption standards is a bit more concerning, as “Hackaday points out that the SHA-1 hash algorithm has effectively been broken as of 2017, while 1024-bit RSA encryption is vulnerable to brute force attacks by more powerful modern computing”.
The language of the Brexit deal itself may be older than it looks.
The BBC reported that the same text also appears on a 2008 EU document, “which seems to indicate that the lawmakers cobbling together the massive 1,256-page treaty may have recycled some old text without reading it too closely”.
This looks like a standard copy-and-paste of old standards, and with little understanding of the technical details,” professor Bill Buchanan told the BBC.
“Netscape Communicator is mentioned in Brexit document … Almost feels like it is 40 years old …1K RSA and SHA-1 … one day we will build a digital world fit for the 21st Century…” Buchanan also tweeted.
It is not clear why the EU felt that Netscape Communicator 4 which was last updated in 2002, and succeeded by several generations of Netscape apps by 2008, was a useful email application to cite in the 2008 bill.
“It’s entirely possible that the recycled 2008 text was itself borrowed from an even earlier time, back when Netscape was still relevant”.
If you have an interesting article / experience / case study to share, please get in touch with us at [email protected]